Community Raises More Than $60,000 for an Open Independent Audit of TrueCrypt

    According to statistics from the official site, TrueCrypt, the program for working with encrypted partitions and files, has been downloaded almost thirty million times. It is one of the most widely used, if not the most widely used, cryptographic tools available to ordinary users, and at the same time it offers rich and deep capabilities.

    Next year TrueCrypt will be ten years old. Despite such a respectable age, in all that time no formal independent audit of the program code has been conducted. As in many other open source projects, the developers are constantly working on new features and bug fixes, but do not find the time, money or opportunity for such an effort. TrueCrypt has other problems: its license is not entirely clear, there is no official code repository on GitHub or a similar platform, and the compilation and build process is not formalized, which is why it is impossible to guarantee that the program is identical across platforms.

    All this, together with Edward Snowden's revelations about the NSA's total surveillance and backdoors in cryptographic software, which cast a shadow on TrueCrypt, inspired Kenneth White, a programmer and biotechnology specialist, and Matthew Green, a Johns Hopkins University professor and cryptologist, to start a crowdfunding campaign. Its purpose is to conduct a full audit of the TrueCrypt code, tidy up its license, develop and document a standard procedure for building binaries on all platforms, and create a public code repository. The idea was supported by the TrueCrypt development team.

    Fundraising is being conducted on two crowdfunding platforms: FundFill and IndieGoGo. Moreover, FundFill accepts not only payment cards, but also bitcoins. At the time of writing, $62,953 had been raised across both sites. In addition, a project site was created with a detailed description of the goals, the audit methods and current campaign news.

    The preliminary plan for putting TrueCrypt in order consists of four points:

    1. License revision. TrueCrypt is published under an old, non-standard and possibly not quite free and open license. Professional lawyers will analyze and edit it.
    2. Standardization of binaries. Most users download TrueCrypt in compiled form. It is necessary to develop a standard build procedure for all platforms, similar to the one used by Tor, which guarantees the correct operation of TrueCrypt in any environment.
    3. Bug bounties. If enough funds are collected, a fund will be created from which rewards will be paid for vulnerabilities found.
    4. Professional audit. All code will be examined by specialists from one of the reputable companies with experience in security audits of cryptographic software.

    TrueCrypt contains more than 70,000 lines of code in assembly, C and C++. The IndieGoGo campaign ends on December 13th. If everything goes according to plan, the code audit will be completed in February next year.

